Testing Provisioning

ethompson · February 9, 2022, 7:44pm

What is the best/quickest way to test provisioning for an existing Identity?

I can add a user to the Identity List of a Role, but when the update is run it checks all users which can take some time.

Example: Testing JDBC Provisioning Rule

Update Rule
Add Existing User to Identity List for Role/AP for that Source
Update Role

yannick_beot · February 9, 2022, 9:00pm

My personal workflow is:

Develop solid Java code and test it locally in my IDE: it prevents to upload JAR, and all. By developing and testing locally, it saves a lot of time!
Create the rule: the rule can be pretty simple and call your class

import a.b.c.MyRule;
return MyRule.provision( application, connection, plan);

Upload the latest version of my JAR (thanks maven for generating this for me) for the source
Then I usually create an access profile for my source, without workflow approval
I create a “dummy” app to request that access profile
I request this access profile for a “dummy” user

If I have to request several times the same access profile for the same user, I usually ends up leveraging postman the create the access request for me, so a simple click would suffice instead of the handful clicks required to create the access request.
Hope this helps!

ethompson · February 9, 2022, 10:21pm

Thanks Yannick!

Using Postman lines up with some creation I had done in the past and works well for this.

Search for user and get their id
Search for a Role (Access Profile) and get the role-id
Grant access for that id to the role-id and the provisioning is triggered

yannick_beot · February 10, 2022, 8:20am

It sure works.
I’m a bit more leazy than that.
I create the access request in the browser with the developer tools on. So I get the payload and copy/paste it as is in postman.

chirag_patel · February 10, 2022, 12:03pm

You can add identity manually in role(Use identity list as selection criteria) and then run single identity refresh with old cc api. This would run single identity refresh and not all roles would get refreshed.

When you want to test deprovision, remove that identity from list, save role and then run single identity refresh again.

ethompson · February 10, 2022, 3:19pm

What is the cc api for single identity refresh?

Tyler_Triplett · February 14, 2022, 2:10pm

POST /cc/api/system/refreshIdentities

Then use Body for a Filter. I have used UID or Name, but stick with UID.

{
   "filter" : "uid == \"SomeUID\"",
   "refreshArgs" : {
     "correlateEntitlements" : "true",
     "promoteAttributes" : "true",
     "refreshManagerStatus" : "false",
     "synchronizeAttributes" : "false",
     "pruneIdentities" : "false",
     "provision" : "true"
   }
}

Topic		Replies	Views
Validate Provisioning with Test user ISC Discussion and Questions identity-security-cloud , provisioning	3	136	May 24, 2024
JDBC Provisioning Guide ISC Discussion and Questions identity-security-cloud , provisioning , jdbc-connector	6	517	January 13, 2025
Sequential Provisioning Discussion ISC Discussion and Questions identity-security-cloud , provisioning	7	389	January 21, 2024
Automatically run Identity Refresh after role assignment IIQ Discussion and Questions identityiq , provisioning , roles	3	85	December 20, 2024
Custom Attributes in Provisioning Plan ISC Discussion and Questions identity-security-cloud , provisioning	8	1806	September 18, 2023

Testing Provisioning

Related topics